So I'm trying to accomplish the following:

Using log4js-node I am trying to transmit my logging data to another server, which captures the data.

Now without encryption it's all nice and dandy, but I want dem fancy encryptions for security purposes (it's getting transmitted thru the World Wild Web after all).

My Ncat command:

```
sudo ncat -vvv -l 1000 --ssl --ssl-key /etc/letsencrypt/live/domainhere.com/privkey.pem --ssl-cert /etc/letsencrypt/live/domainhere.com/cert.pem
```

My error:

```
Ncat: Failed SSL connection from IPHERE: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
```

Please note I am using ncat from the nmap project and not netcat since the original netcat has no SSL support.

I have already tried updating the OpenSSL version of the ncat server to the newest; that did not help. The port is set correctly, I don't get why it's throwing me this error...

UPDATE

The whole transmission looks like the following (this is the raw ASCII data):

```
..:..I.4Vx....E.
.4.Q@.s...[1....
...^....;.......
..:.............
..

..:..I.4Vx....E.
.(.S@.s...[1....
...^....;.4...P.
...U........

..:..I.4Vx....E.
...U@.s...[1....
...^....;.4...P.
..N...[{"startTi
me":"1","categor
yName":"2","data
":"3","level":"4
","context":"5",
"pid":8848},"202
1-02-24T11:00:04
.331Z","default"
,["6"],{"level":
20000,"levelStr"
:"7","colour":"8
"},{},"Hello,.lo
g4js!","INFO","g
reen"]__LOG4JS__

.4Vx....:..I..E.
.(.-@.@.......[1
.....^4.....<.P.
..)...

.4Vx....:..I..E.
.(..@.@.......[1
.....^4.....<.P.
..)...

..:..I.4Vx....E.
...V@.s...[1....
...^....<.4...P.
...5..[{"startTi
me":"1","categor
yName":"2","data
":"3","level":"4
","context":"5",
"pid":8848},"202
1-02-24T11:00:04
.340Z","default"
,["6"],{"level":
30000,"levelStr"
:"7","colour":"8
"},{},"Test.warn
ing!.This.is.not
.a.drill!","WARN
","yellow"]__LOG
4JS__

.4Vx....:..I..E.
.(.'@.@.......[1
.....^4.......P.
......

..:..I.4Vx....E.
.4.X@.s...[1....
..._..S.C.......
...V............
..

.4Vx....:..I..E.
.(.0@.@.......[1
....._....S.C.P.
......
```

Munchkin
  • Are you sure that the client even sends the data with SSL? Because this is the kind of error one gets if non-SSL content is interpreted as SSL. – Steffen Ullrich Feb 23 '21 at 11:59
  • You made a good point there. I tried receiving the logging data without SSL and it worked it means that the unencrypted protocol works. Now if I use tcpdump I do appear to see encrypted data which confused me a little bit, since your theory might just be true – Munchkin Feb 23 '21 at 12:55
  • Stupid question: how do I test that without tcpdump then? – Munchkin Feb 23 '21 at 12:56
  • I'm not sure what you are asking. You said that you do a tcpdump but then ask on how to do it without tcpdump? In general, one has to actually see the traffic in order to determine what it is. – Steffen Ullrich Feb 23 '21 at 14:36
  • I meant to say tcpdump appears to have encrypted data, which is already ok, but it still throws the wrong version error, which seems to mean that the data is sent with SSL after all? What's the origin of the error then? – Munchkin Feb 23 '21 at 15:19
  • The TLS Handshake should be clearly visible as such in Wireshark, i.e. not just encrypted data. If not then it is not SSL or Wireshark is not properly used. Hard to tell what's going on without seeing what is actually transmitted. – Steffen Ullrich Feb 23 '21 at 16:47
  • I updated the question with the full raw ASCII data. I hope I did not publish my IPs that way – Munchkin Feb 24 '21 at 11:06
  • This is clearly plain text and not encrypted. This explains the error: trying to interpret non-SSL content as SSL. – Steffen Ullrich Feb 24 '21 at 11:26
  • Maybe you have an idea how I could implement SSL on top of `log4js-node`? I apparently don't find any SSL options in the documentation... – Munchkin Feb 24 '21 at 13:42
  • If it is not supported natively you might use SSL forwarders like stunnel. – Steffen Ullrich Feb 24 '21 at 19:11
  • https://seclists.org/nmap-dev/2009/q1/326 – eja Feb 22 '22 at 12:25
  • @eja huh, interesting, so this 13 year old issue was never solved?! `Ncat` always gets updated and the software is definitely not stale, but they ignored this rather important issue?! The error appears to be the same so it's probably what's causing it... – Munchkin Feb 22 '22 at 13:21
  • yeah, I've thought the same myself.. I encountered the same problem as you, but will need to look more into it. Hopefully it got fixed but tbh doesn't seem so. I just dropped the comment but will add more to it after some more investigation – eja Feb 23 '22 at 05:35
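
The diagnosis in the comments (plaintext bytes being parsed as a TLS record) can be checked without a packet capture by inspecting the first bytes a client sends on a new connection. The following is an added example, not code from the original post, log4js or Ncat; the function name `classifyFirstBytes` and both sample buffers are constructed for illustration.

```javascript
'use strict';
// Added example (not from the original post). Decide whether the first bytes
// received on a new connection start a TLS handshake or are plaintext.

const hex = (b) => '0x' + b.toString(16).padStart(2, '0');

function classifyFirstBytes(buf) {
  // TLS record header: type(1) | version major(1) minor(1) | length(2),
  // followed by the handshake message type in byte 5.
  if (buf.length < 6) {
    return { tls: false, reason: 'fewer than 6 bytes, cannot hold a record header' };
  }
  const [type, major, minor] = buf;
  const length = buf.readUInt16BE(3);
  if (type !== 0x16) {
    return { tls: false, reason: `record type ${hex(type)} is not handshake (0x16)` };
  }
  if (major !== 0x03 || minor > 0x04) {
    return { tls: false, reason: `record version ${hex(major)} ${hex(minor)} is not SSL 3.0/TLS 1.x` };
  }
  if (length === 0 || length > 16384) {
    return { tls: false, reason: `record length ${length} outside 1..16384` };
  }
  if (buf[5] !== 0x01) {
    return { tls: false, reason: `handshake type ${hex(buf[5])} is not ClientHello (0x01)` };
  }
  return { tls: true, reason: 'TLS handshake record carrying a ClientHello' };
}

// Constructed sample: start of a log4js TCP payload like the one in the dump.
const PLAINTEXT_SAMPLE = Buffer.from('[{"startTime":"1","categoryName":"2"', 'ascii');
// Constructed sample: record header plus the first handshake bytes of a ClientHello.
const CLIENT_HELLO_SAMPLE = Buffer.from('1603010200010001fc0303', 'hex');

for (const [name, sample] of [
  ['log4js plaintext', PLAINTEXT_SAMPLE],
  ['TLS ClientHello', CLIENT_HELLO_SAMPLE],
]) {
  console.log(name, classifyFirstBytes(sample));
}
```

Passing the first `data` chunk of a plain `net` socket on the listening port to `classifyFirstBytes` shows what the sender really emits before any TLS listener tries to parse it.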

0 Answers